Okay, I'll take the alternative view: this is embarrassing for the OP.
What worries me is that the OP found the name Bart Burns on the WHOIS for the domain, and assumed (a) that's who registered the domain, and (b) that the information he found via a quick Google is actually Bart Burns. I can change the information on my domain to be whoever I want, particularly if I'm a scammer. Whatever I put in NameCheap's panel shows up minutes later. If someone doesn't believe me, I'll alter the registration on one of my domains. Just ask.
More interesting than that, however, is that the OP is completely aware that there are avenues of recourse for this and that he is technically able to determine who hosts the scraped domain. Rather than pursue those avenues of recourse, however -- said facilities have been keeping the Internet from devolving into a "wild West," at least in ARIN and RIPE regions -- this guy had to take a play from 4chan's book and attack possibly the wrong guy. If everybody did what the OP does, you're absolutely right: the Internet would be a wild West.
As an administrator at a very large ISP, I am completely aware that some people lose faith in abuse desk contacts. At my employer, we receive countless abuse complaints and we handle every single one. This is a pattern you will observe in ARIN and RIPE regions, but less so for APNIC and other parts of the world (with exceptions). Particularly for someone hosted with JustHost, a DMCA complaint gets the job done in hours. If it doesn't, you can go after the ISP. I was never a fan of the DMCA, but this is a prime example of a use case for it.
Above everything else, though, even if the OP is right about the identity of the scammer, calling out the scammer's employment means the OP could be attacking his family. If I were the aforementioned company I'd cut my losses and terminate the employee for bad PR. Now the OP has potentially hurt the suspected perpetrator's family based on actions his family is probably not even familiar with. Because he copied the HTML for a site I've never even heard of. That's icing on the cake, to me, because I protect my family. With teeth.
In short, I am totally unimpressed by the OP's vigilantism and I am equally disappointed that it is so popular in this forum. Demonstrating this sort of arrogance to Hacker News is probably a good way to burn your bridges at the innumerable employers and business contacts that frequent the site.
EDIT: See my response to jedsmith below. I didn't look at the altered site when I posted the following:
Well, it doesn't look like the OP has actually done any vigilantism (at least not yet):
> I simply altered the code of my site so that the next time his scraper tried to access its content, it wouldn’t get what it expected. Within an hour, the homepage and every page of his site looked like this (redacted to protect the guilty)
What he did can only target the guilty party, as all he did was change his own site's content.
Intentionally altering your site so that the automated scraper pastes personal identity all over the target site is an act of vigilantism, and feeds the wild West that the author laments. Hell, digging up identity and then using it against a person is vigilante in itself -- the content of the site modification is extremely passive aggressive. 4chan calls this "dropping dox".
However, if he were actually certain to get the right guy, what's so bad about "attacking his family" as you define it? Putting a thief in jail does reduce the income of his/her family, but I wouldn't blame the victim for doing so!
You could argue that the punishment doesn't fit the crime, but that's a much more subtle argument than you appear to be making.
> However, if he were actually certain to get the right guy, what's so bad about "attacking his family" as you define it?
Spoken like a bachelor. Two things I firmly believe in, especially when it comes to Internet squabbles, disagreements and such:
- Don't mess with someone's livelihood.
- Don't mess with someone's family.
They're related. You're going to sit here and tell me that it's justifiable that the alleged guy lose his job over this, possibly taking food out of his kids' mouths? If I copied your Web site and someone pulled a stunt like that with my employer, I'd be out for blood. You hurt my family, I hurt you. You'll understand when you have one.
You can't parallel this to putting someone in jail, because there wasn't really a crime committed (I'd like to see a prosecution), and OP is not the law.
I upvoted your comment because you are contributing to the discussion, and because I hope to understand you. You're right that I have no kids (I do have a girlfriend, though). I've also explicitly assumed throughout that the guy who was fingered really was the guilty party.
Under this assumption, though, I don't see what's so bad. First off, the guy did do something that he shouldn't; secondly, the actual punishment is almost certainly zero. Not only are we, indeed, not talking about jail time, we're not talking "meticulously SEO johndoeisathief.com to the top of Google" either; we're not talking "start a Twitter shitstorm until his boss fires him"; we're not even talking "publicly call him out" - the data in the post probably does identify exactly one person, but it's hard to actually make that link. I do admit that blacking out some more data would be prudent, but - what exactly would you be so upset about?
That's a different argument than you started with. You lost the plot somewhere, which is that I think attacking his employment over this goes beyond a line. There is only one reason to proudly put in your attack:
> Someone that works at X should know better!
What reason do you think that is? Now they need to take a hard look at their decision to hire this guy; what is he up to in his private time? Suddenly, his private actions have become publicly tied to our company.
There's a reason I don't have my employer in my profile -- I have personally seen someone take a comment the wrong way, and spend days calling the employer to report what a piece of shit the employee is, and how much he was into drugs, and so on. Merely naming the guy's employer here casts them in a bad light.
Think back to Noirin Shirley accusing the guy from Twitter of sexual assault via her blog. When the media inevitably ran with it, it wasn't "an Apache member accuses another Apache member," it was "a Google employee accuses a Twitter employee," because that's a much juicier story. Now Google and Twitter have been sideswiped in something that isn't even their business, and I wouldn't have been surprised if Twitter had cut him loose over it. I don't think they did, so that is a lucky thing for him.
In this economy, I'm just as stretched as everyone else. Anybody who goes after my paycheck is playing with fire; that's all I'm saying.
I see where you are coming from. I agree with you that e.g. phoning his employer would be an overreaction; and I agree with you that my earlier message was very unclear in that respect, although I wouldn't have posted it if he did, in fact, try to get the alleged thief fired.
Right now, though, "company X" does not seem to be heavily involved - the text in the original is in an image and not indexed. Don't you think that the actual damage is likely to be small?
But that is exactly what the scammer was doing! Person A does something wrong, person B catches them with their hand in the cookie jar, person A turns it around and says "person B is stealing my family's cookies!" Sorry, doesn't work like that.
FYI, the term for directing internet vigilantism at an innocent third party is known as a "Joe job" (http://en.wikipedia.org/wiki/Joe_job). It originated as a spammer's revenge tactic.
First of all, I both agree and disagree with you. :D
The OP's idea was sound - and not without precedent - but the execution was flawed. I say not without precedent, because people have been spitting in the eye of internet theft since the first person figured out how to configure their web server to behave differently based on the Referer header.
Many, many "hot-linkers" (including some fairly well known U.S. politicians...) have gotten an image that was unflattering, simply because they or their staff couldn't be bothered to download and host it themselves. (:
However, I do agree with you in that one cannot be certain about information lifted from WHOIS and Google. That brand of revenge is quite thoughtless, and could have severe repercussions on someone (and, as you pointed out, their family) who's completely innocent.
As such, while it may sound childish, replacing assets for scrapers to such an extent that they get something embarrassing is, IMHO, perfectly fine, so long as it's kept childish (e.g., they receive pages that state "I spent all that time on my scraper and all I got was this lousy GeoCities page", complete with ugly animated gifs), and not malicious, like posting someone's personal information.
If OP altered his/her own site to list such things as personal address of target, phone, etc. of the target before he scraped, and if that altered data appeared on the non target's site with WWW access, then target would have a case of misdemeanor B class suit in any state in the US.